Windows 7 management features will make IT admins grin

Regardless of whether they're on XP or Vista, IT departments will have a lot …

Throughout this week's Professional Developers Conference, Microsoft has been demonstrating a number of new features designed to make the lives of IT types easier. Shanen Boettcher, General Manager of Windows Product Management for the enterprise, demonstrated some of these features at a Windows 7 press briefing, and we've had the chance to look at some of them ourselves. Microsoft's demo focused primarily on security, mobile access and deployment/troubleshooting, and there was some really interesting stuff there. Here are a few of the features we find compelling:

In-place imaging

Windows 7 will allow users to apply a sort of in-place image that keeps all user files intact. Microsoft demonstrated this with a Vista machine containing 30GB of unspecified user data (we suspect the files were mostly work-related DVD rips). They plugged a USB key into the running Vista machine, triggered the re-image process, and thirty minutes later we were looking at a functional Windows 7 installation with that same 30GB. One particularly interesting, though somewhat scary, implication of this is that IT staff can send a USB key out to remote users and let them re-image their own machines.

As with most features, Microsoft has integrated this into its Group Policy tools. System administrators can limit the use of encryption on removable disks in a number of ways. One particularly interesting constraint they demonstrated was the ability to restrict writes to encrypted thumb drives only. They plugged in an unencrypted "user" drive to demonstrate this capability. File reads worked fine: we were able to see what was on the disk and look at some specific files. When they attempted to save to the disk, however, Windows said "no, you need to encrypt this first."

We tried this out with a couple of Windows 7 machines, and it works in a predictable way. When we plugged our encrypted thumb drive into another Windows 7 machine, we got a prompt requesting the encryption password with an option to store it for later use.

Problem recorder

Keeping up with the "useful sounding features Microsoft already should have introduced" theme, they demonstrated the "Problem Steps Recorder." Users experiencing problems can fire up the recorder, perform the necessary steps to demonstrate the problem, and send a diagnostic log off to a support department (or a support son-in-law, in the case of my family). The log includes screenshots of each step, including highlighted buttons where users performed an action. It seems like an obvious tool to provide to support departments, but the execution was better than we expected.

Remote access security and performance

Microsoft also introduced a feature called "DirectAccess" for Windows 7. The stated goal for DirectAccess is to give mobile users more convenient access to network resources without requiring them to initiate a VPN connection. Conceptually, it sounds a lot like RPC over HTTPS for Exchange/Outlook, though the implementation is completely different.

Microsoft's demonstration scenario involved a remote user receiving an e-mail with a link to a file on the corporate SharePoint server. Rather than firing up a VPN connection, they simply clicked the link and up popped IE. The status bar showed a number of interesting things, including a couple of IPv6 addresses, then the file loaded. We are told that this capability will require Windows Server 2008 R2, IPsec and IPv6 to work properly.

There's also a neat feature called "BranchCache." Commonly used network resources (files, pages, etc.) may be cached in remote offices on first use, so subsequent loads aren't subjected to the constraints imposed by the speed of light. As you'd expect, this also requires Windows Server 2008 R2. However, Windows 7 machines can operate in P2P mode as well, which seems like it will make it a bit easier to get going in smaller locations.

Odds and ends

There's quite a bit more coming down the pipe for Windows 7, and still more for Windows Server 2008 R2 (which, oddly enough, had a "Windows 7 Enterprise Server" beta tag when we saw it). It's hard to provide more depth without using these extensively, but here are some more new things that caught our eye:

Better Virtual Hard Disk (VHD) support. It will be possible to mount .vhd files using the normal "Disk Management" features of Windows 7

Offline files have also been improved. Admins can specify policies about which offline files sync, keeping things like music from syncing back to a file server

Applications accessed via Terminal Services can appear in the Start menu, just like local applications. Remote applications will also behave as if they're normal applications when launched. We suspect this is a mechanism similar to the one Windows Home Server uses for its console

Software Restriction policies appear to have been improved and named AppLocker. Microsoft demonstrated that it allowed administrators to restrict applications by publisher, application executable, and version number

Numerous PowerShell improvements. There was a demonstration of writing small PowerShell scripts and running them remotely to perform certain tasks.

We expect to have quite a few more details on these things in the future, particularly features like DirectAccess, when we get a test setup going with Server 2008 R2 and a couple of Windows 7 machines.